1. Field
The disclosed embodiments relate to techniques for facilitating authentication and secure communication in wireless systems. More specifically, the disclosed embodiments relate to techniques for managing privileges for logical entities that perform operations associated with a secure access-control element in a secure element in an electronic device.
2. Related Art
Many wireless communication systems use access-control techniques to ensure secure communication. For example, an access-control technique may involve: verifying the identity of a communicating party; and granting a level of access commensurate with the verified identity. In cellular-telephone systems (such as the Universal Mobile Telecommunications System or UMTS), access control is typically governed by an access-control element or client (such as a Universal Subscriber Identity Module or USIM) executing on a physical Universal Integrated Circuit Card (UICC). The access-control client usually authenticates a subscriber to the cellular network. After successful authentication, the subscriber may be allowed access to the cellular network. In the discussion that follows, note that an ‘access-control client’ refers generally to a logical entity (which may be implemented in hardware and/or software) that controls access from an electronic device to a network. In addition to a USIM, an access-control client may include: a CDMA Subscriber Identification Module (CSIM), an IP Multimedia Services Identity Module (ISIM), a Subscriber Identity Module (SIM), a Removable User Identity Module (RUIM), etc.
Traditionally, the access-control client performs an authentication-and-key-agreement (AKA) technique, which verifies and decrypts the applicable data and programs to ensure secure initialization. Specifically, the access-control client may: answer a remote challenge to prove its identity to the network operator, and may issue a challenge to verify the identity of the network.
While traditional access-control-client solutions are embodied within a removable Integrated Circuit Card (ICC) (which is sometimes referred to as a ‘SIM card’), recent research is directed to virtualizing SIM operation within a software client executing on an electronic device. Virtualized SIM operation can reduce device size, increase device functionality, and provide greater flexibility. Note that a ‘virtualized SIM’ may refer to an electronic SIM (eSIM).
However, virtualized SIM operation also presents new challenges for network operators and device manufacturers. For example, traditional SIM cards are manufactured and guaranteed by a trusted SIM vendor. These traditional SIM cards execute a single, secure version of software that has been permanently ‘burned’ to the SIM card. Once burned, the SIM card usually cannot be changed or tampered with (without also destroying the SIM card).
In contrast, portable electronic devices are manufactured by a wide range of device manufacturers, and may execute software provided by multiple and possibly unknown third-party software vendors. Additionally, portable electronic devices are frequently ‘patched’ with software, which can both fix existing bugs, and introduce new ones. Hence, this software can be susceptible to corruption, sabotage, and/or misuse.
Moreover, while physical SIM cards are very difficult to replicate, software can be readily copied, multiplied, etc. Because each SIM represents a contracted-for amount of access to finite network resources, illicit use of a virtualized SIM can greatly impact network operation and user experience (e.g., such illicit use can rob the network of resources that would otherwise be available for the valid users, thereby degrading the speed, availability, etc. of services for such valid users).
As a consequence, new solutions are needed to provide protections and other properties for virtualized SIMs (and, more generally, access-control clients) that are generally analogous to those of traditional physical SIMs. Furthermore, improved solutions are needed for storing and distributing virtualized access-control clients. Ideally, these solutions can provide the benefits of traditional access-control client operation, with the added capabilities provided by virtualized operation.